Watcher: NPE when enabled but not configuring sensitive data encryption

[spinscale]

Elasticsearch version (bin/elasticsearch --version): 7.2.0 (and below)

Description of the problem including expected versus actual behavior:

Steps to reproduce:

1. Download distribution
2. Set xpack.watcher.encrypt_sensitive_data: true in elasticsearch.yml
3. Check via bin/elasticsearch-keystore list config/elasticsearch.keystore that xpack.watcher.encryption_key is not set
4. Start Elasticsearch, see below exception

Provide logs (if relevant):

[2019-06-26T08:54:48,901][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [rhincodon] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.NullPointerException
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.2.0.jar:7.2.0]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.2.0.jar:7.2.0]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.2.0.jar:7.2.0]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-7.2.0.jar:7.2.0]
	at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.2.0.jar:7.2.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.2.0.jar:7.2.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.2.0.jar:7.2.0]
Caused by: java.lang.NullPointerException
	at org.elasticsearch.common.io.Streams.readFully(Streams.java:197) ~[elasticsearch-7.2.0.jar:7.2.0]
	at org.elasticsearch.common.io.Streams.readFully(Streams.java:191) ~[elasticsearch-7.2.0.jar:7.2.0]
	at org.elasticsearch.xpack.core.watcher.crypto.CryptoService.readSystemKey(CryptoService.java:94) ~[?:?]
	at org.elasticsearch.xpack.core.watcher.crypto.CryptoService.<init>(CryptoService.java:82) ~[?:?]
	at org.elasticsearch.xpack.watcher.Watcher.createComponents(Watcher.java:265) ~[?:?]
	at org.elasticsearch.node.Node.lambda$new$9(Node.java:438) ~[elasticsearch-7.2.0.jar:7.2.0]
	at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:271) ~[?:?]
	at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1654) ~[?:?]
	at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
	at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
	at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
	at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
	at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?]
	at org.elasticsearch.node.Node.<init>(Node.java:441) ~[elasticsearch-7.2.0.jar:7.2.0]
	at org.elasticsearch.node.Node.<init>(Node.java:251) ~[elasticsearch-7.2.0.jar:7.2.0]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.2.0.jar:7.2.0]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.2.0.jar:7.2.0]
	... 6 more

while not starting the node is good, a better error message might be useful. The NPE stems from trying to read the file without checking if it can be read - also the inputstream from retrieving the setting is never closed.

[elasticmachine]

Pinging @elastic/es-core-features